Sat. May 11, 2019 - Fri. May 17, 2019


How Hackers Broke WhatsApp With Just a Phone Call

WIRED Threat Level

All it took to compromise a smartphone was a single phone call over WhatsApp. The user didn't even have to pick up the phone.

IT 208

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Data Breach Today

$63 Million in Fines Imposed Since Privacy Law Went Into Full Effect European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May 2018. Privacy regulators have also imposed at least $63 million in GDPR fines.


How to create an ethical framework for artificial intelligence

Information Management Resources

Such frameworks ensure that AI continues to lead to the best decisions, without unintended consequences or misuse of data and analytics.


Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. The May 2017 global malware epidemic WannaCry affected some 200,000 Windows systems in 150 countries.


A Tough Week for IP Address Scammers

Krebs on Security

In the early days of the Internet, there was a period when Internet Protocol version 4 (IPv4) addresses (e.g. 4.4.4.4) were given out like cotton candy to anyone who asked. But these days companies are queuing up to obtain new IP space from the various regional registries that periodically dole out the prized digits. With the value of a single IP hovering between $15-$25, those registries are now fighting a wave of shady brokers who specialize in securing new IP address blocks under false preten

IT 209

More Trending


After 2 Years, WannaCry Remains a Threat

Data Breach Today

Poorly Written Ransomware Still Infects Unpatched Systems Two years after WannaCry tore a path of destruction through the world, the ransomware remains a danger, with many systems still vulnerable to the EternalBlue or EternalRomance exploits that started it all.


A Cisco Router Bug Has Massive Global Implications

WIRED Threat Level

Researchers have discovered a way to break one of Cisco's most critical security features, which puts countless networks at potential risk.

Risk 260

Feds Target $100M ‘GozNym’ Cybercrime Network

Krebs on Security

Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name. The locations of alleged GozNym cybercrime group members.


Hacking the ‘Unhackable’ eyeDisk USB stick

Security Affairs

The paradox, the USB stick eyeDisk that uses iris recognition to unlock the drive could reveal the device’s password in plain text in a simple way. eyeDisk is a USB stick that uses iris recognition to unlock the drive, it is advertised as the “Unhackable USB Flash Drive,” instead it could reveal the device’s password in plain text. Just analyzing the eyeDisk USB stick with the Wireshark packet analyzer.

Passwords 279

Equifax's Data Breach Costs Hit $1.4 Billion

Data Breach Today

Massive 2017 Breach Continues to Bite the Credit Reporting Giant's Bottom Line Equifax has reported a loss in its latest quarter due to ongoing incident response, legal, investigative and corporate information security overhaul costs resulting from its 2017 data breach. The credit reporting giant says that so far, it's spent $1.4 billion as a result of the massive breach.


Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

WIRED Threat Level

Two different groups of researchers found another speculative execution attack that can steal all the data a CPU touches.

Security 256

BEST PRACTICES: The case for ‘adaptive MFA’ in our perimeter-less digital environment

The Last Watchdog

One of the catch phrases I overheard at RSA 2019 that jumped out at me was this: “The internet is the new corporate network.” Related: ‘Machine identities’ now readily available in the Dark Net Think about how far we’ve come since 1999, when the Y2K scare alarmed many, until today, with hybrid cloud networks the norm. There’s no question the benefits of accelerating digital transformation are astounding.


Expert discovered how to brick all Samsung mobile phones

Security Affairs

The popular French white hat hacker Robert Baptiste (aka @fs0c131y) discovered how to brick all Samsung mobile phones. I just published "How to brick all Samsung phones" on @Medium [link] — Elliot Alderson (@fs0c131y) May 12, 2019.

Security 279

Intel's 'ZombieLoad' Fixes May Slow Processors by 9 Percent

Data Breach Today

CPUs Shipped From 2011 Onward Have Flaws of the Meltdown and Spectre Variety Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.

Cloud 260

Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign

WIRED Threat Level

A very bad vulnerability in Windows XP could have serious ramifications, even with a patch.

Security 207

How to Foster Collaboration in your Workplace

AIIM

Sometimes a little too much of a good thing can be a bad thing. An overabundance of motivation can lead to stress, fatigue, and burnout. According to the Harvard Business Review, the majority of managers now spend over 85% of their work time checking emails, checking up on meetings, connecting with people over the phone, and checking their phones for important, work-related updates.


Experts found a remote-code execution flaw in SQLite

Security Affairs

Researchers at Cisco Talos discovered a use-after-free() vulnerability in SQLite that could be exploited by an attacker to remotely execute code on an affected device. Cisco Talos experts discovered a use-after-free() flaw in SQLite that could be exploited by an attacker to remotely execute code on an affected device. An attacker can trigger the flaw by sending a malicious SQL command to the vulnerable installs. “An exploitable use after free vulnerability exists in the window function

Libraries 279

Attackers Exploit WhatsApp Flaw to Auto-Install Spyware

Data Breach Today

Immediate App Updating Required to Protect Apple and Android Device Users Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor.

IT 257

WhatsApp Was Hacked, Your Computer Was Exposed, and More News

WIRED Threat Level

Catch up on the most important news today in 2 minutes or less.

Security 143

Attention U.S. Veterans: The CIP Exam Has Been Approved for Reimbursement Under the GI Bill

AIIM

I am very pleased to announce that the Certified Information Professional (CIP) exam has been approved for reimbursement under the Veterans Education Benefit program for Licensing and Certification reimbursements administered by the U.S. Department of Veterans Affairs - aka the GI Bill. This is something that is intensely personal to me. When I got out of the Marine Corps, I wasn't sure what I wanted to do, but I knew that I had the GI Bill to help fund my education and professional development.

Education 136

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Security Affairs

Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device. Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device. WhatsApp did not name the threat actor exploiting the CVE-2019-3568, it described the attackers as an “advanced cyber actor” that targeted “a select number


FBI and Europol Disrupt GozNym Malware Attack Network

Data Breach Today

6 Suspects Arrested on Money Laundering, Malware-Writing or Fraud Charges Law enforcement agencies in the U.S. and Europe have disrupted a malware attack platform called GozNym. Six suspects have been arrested in four countries and face local prosecution on fraud, money laundering or malware-writing charges. Five Russian suspects remain at large.


The False Promise of “Lawful Access” to Private Data

WIRED Threat Level

Opinion: As online extremism migrates to real-world violence, some suggest letting law enforcement intercept encrypted messages. But that’s a dangerous proposition.

Access 143

The Quality Coach, Developer’s Friend, Product Owner’s Helper and All-Round Great Quality Engineer

AIIM

As a project manager that specializes in digital software products, I will let you in on a secret about a new role, a new type of person that is emerging in the ranks—and it’s all good news for your project. This particular role actually inspired this series of articles about new roles that were emerging in the project life cycle due to digital disruption.

IoT 118

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

Security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities that expose buildings to cyber attacks. Security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities in management and access control systems from four major vendors. An attacker can exploit the vulnerabilities to gain full control of the vulnerable products and access to the devices connected to them.

Access 278

Nigerian BEC Scammers Use Malware to Up the Ante

Data Breach Today

Business Email Compromise Schemes Get More Sophisticated A growing area of concern for security researchers is a new crop of business email compromise schemes originating from Nigeria, with scammers upping their game by using new malware. The biggest of the crime gangs is SilverTerrier, according to Palo Alto Network's Unit 42.

Security 231

Robert Mueller Won't Testify Next Week After All

WIRED Threat Level

Facial recognition run amok, antivirus hacks, and more of the week's top security news.

Security 125

Why Are Cryptographers Being Denied Entry into the US?

Schneier on Security

In March, Adi Shamir -- that's the "S" in RSA -- was denied a US visa to attend the RSA Conference. He's Israeli. This month, British citizen Ross Anderson couldn't attend an awards ceremony in DC because of visa issues. (You can listen to his recorded acceptance speech.) I've heard of at least one other prominent cryptographer who is in the same boat.
